Hi, It's to adhere to secure HTTP/HTTPS behavior. This is why we allow for custom session managers like you've done ;)
Yoav Shapira http://www.yoavshapira.com >-----Original Message----- >From: Joe Reger, Jr. [mailto:[EMAIL PROTECTED] >Sent: Tuesday, November 16, 2004 8:18 PM >To: 'Tomcat Users List' >Subject: RE: Configure Tomcat's Session Cookie Domain? > > >Thanks. What I suspected. Is this to adhere to a spec, or simply >functionality not (yet?) developed for Tomcat? > >I've created a workaround session manager that manually sets its own >cookies. One result being that my scaling strategy can't rely on the >session replication of Tomcat... I'll have to use a firewall with sticky >sessions. But enough whining from me... like always, there's a workaround. > >Best, > >Joe > >-----Original Message----- >From: Tim Funk [mailto:[EMAIL PROTECTED] >Sent: Tuesday, November 16, 2004 7:12 PM >To: Tomcat Users List >Subject: Re: Configure Tomcat's Session Cookie Domain? > >Nope. Can't do it. > >But if you really need it to be more domain generic - there is nothing >stopping you from expiring the JSESSIONID cookie and setting a newer one at >a more generic level. (But this will probably cause future issues) > >-Tim > >Joe Reger, Jr. wrote: >> Hi. >> >> Is there any way to specify the domain of the cookie that Tomcat sets >> to maintain session across requests? >> >> In java there's javax.servlet.http.Cookie.setDomain(java.lang.String >> pattern) that allows me to set it to something like ".joereger.com"... >> which allows a cookie to persist across "one.joereger.com", >> "two.joereger.com", "three.joereger.com" and so on. >> >> Anything like this in Tomcat's configuration? I've also looked into >> the <jsp:useBean> tags but haven't found anything that does what I'm >> looking for. > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
